Appendix D Configuring for interoperability

Figure 13 Split tunneling example

[Network diagram. Labelled elements: Printer, Public, Data Network, VPN Router, Remote User (192.19.2.31), Archive, Mail Server. Other addresses shown: 192.19.2.33, 10.2.3.3, 10.2.3.2, 192.168.43.6, 192.19.2.32, 10.2.3.4, 10.10.0.1, 10.10.0.5.]

To configure the VPN Router as a user tunnel:

1. Select Profiles > Groups and click Add. Enter a group name of up to 64 characters (spaces are permitted); for example, Research and Development.

2. Click Edit next to the name of the new group, scroll down to the IPsec section, and click Configure.

The IPsec Edit window appears.

3. Enable Split tunneling if you want your VPN Router to control the networks that the third-party client can access. If you disable split tunneling and enable Allow undefined networks for non-Nortel VPN Clients, the clients can connect to all internal networks. If you select both Split Tunneling and Allow undefined networks for non-Nortel VPN Clients, the VPN Router uses the split tunneling feature and ignores the Allow undefined networks selection.

4. Under Client Selection, select Non-Nortel VPN Clients (LINUX) or Both Nortel and Non-Nortel VPN Clients from the list.

5. Third-party clients can use either preshared key or digital certificate authentication. Click to enable the user name and password to authenticate user identity. If you are using Main mode, the user name is the user’s IP address and the password can be any password.

Click RSA Digital Signature to enable certificate authentication if your client supports this. You must then select a default server certificate from the list. You configure servers from the System > Certificates window.

Nortel VPN Router Troubleshooting

Nortel Networks NN46110-602 manual